UK businesses will be unable to pay GDPR fines, says Proofpoint

Many organisations across Europe are resigning themselves to GDPR non-compliance, new research by Proofpoint shows. Despite having had two years to prepare, just 40 per cent of companies in the UK, France and Germany have even assessed their own GDPR readiness – and only 39 per cent believe that they will be able to pay the fines for non-compliance.

That is despite almost two-thirds of businesses saying that they suffered a data breach in the last two years, and more than half of UK firms – 54 per cent – expecting another breach in the next 12 months.

Some organisations have opted to transfer their risk by taking out cyber insurance. About a quarter of firms told Proofpoint that they had protected themselves in this way (although legal expert James Donnelly, speaking at a recent Computing event, warned against relying on insurance to mitigate fines, as it will not provide cover in the case of non-compliance).

Despite the above, optimism around compliance was high, with more than 70 per cent of firms telling Proofpoint that they expect to be fully compliant by May 2018 – a situation that the company describes as ‘naive’ at best.

Adenike Cosgrove, EMEA cybersecurity strategist at Proofpoint, said: “It’s clear that when it comes to GDPR readiness, there is a disconnect. While the majority of UK businesses are bullish about their ability to meet the compliance deadline, our research shows that for many, the basic requirements are not met… With data breaches becoming the new normal and the deadline to comply now less than six months away, the time is now to identify and protect all personal EU data. Failure to do so could lead to financially-significant fines, broken customer trust and in turn, potentially crippling disruption to the business.”